0
0
Cyber Threat Report Highlights Social Engineering Dominance
A recent cyber threat report published by Avast sheds light on the prevalence of social engineering tactics in cyber threats during the first quarter of 2024. According to the report, a staggering 90% of cyberattacks on mobile devices and 87% on desktop devices involved scams, phishing, and malvertising, highlighting the exploitation of human vulnerabilities over technical weaknesses.
Rise of Sophisticated Scams
One of the most significant observations in the report was the considerable increase in scams utilizing advanced technologies such as deepfake videos and AI-manipulated audio. These deceptive practices often involve the hijacking of YouTube channels and other social media platforms to disseminate fraudulent content. Cybercriminals are evolving their tactics by tying their scams to high-profile events and figures to lend credibility to their malicious activities.
YouTube has emerged as a key platform for these malicious activities, with Avast’s data showing that four million unique users were protected against YouTube-based threats in the previous year, with half a million users safeguarded in the first quarter of 2024 alone. Cybercriminals are exploiting the automated advertising and user-generated content features of YouTube to evade traditional security measures and launch a variety of attacks, ranging from phishing campaigns to malware distribution.
Prevalent Scam Tactics on YouTube
- Phishing campaigns targeting creators with fake collaboration offers, leading to malware distribution and compromised accounts.
- Posting videos with malicious links disguised as legitimate software downloads in the video descriptions.
- Channel hijacking to push various scams, including crypto schemes that kick off with bogus giveaways.
- Creating fake domains mimicking reputable software brands to distribute malware disguised as authentic software.
Rise of Malware-as-a-Service
The report also highlighted the increasing prevalence of Malware-as-a-Service (MaaS) in cybercrime, where criminals rent out malware to less experienced individuals, enabling them to launch attacks on a commission-based model. This approach simplifies the execution of cyberattacks and makes sophisticated tools accessible to a wider range of cybercriminals.
Specific malware types like DarkGate and Lumma Stealer were mentioned for their methods of propagation, including spreading through platforms like Microsoft Teams and YouTube. These evolving strategies underscore the importance of social engineering in modern cybercrime tactics.
Jakub Kroustek, Gen’s Malware Research Director, highlighted the severity of the current cyber risk landscape, stating that “in the first quarter of 2024, we reported the highest ever cyber risk ratio – meaning the highest probability of any individual being the target of a cyberattack.”
Kroustek further emphasized that cybercriminals are increasingly targeting human vulnerabilities, exploiting emotions and curiosity to access sensitive personal and financial information. As technical exploits in the crypto space have decreased, the rise of non-technical attacks underscores the growing challenge posed by social engineering tactics and the advancements in AI.
Image/Photo credit: source url
